Bob Macpherson
asked on
Open port for VPN?
I have a consultant who is working remotely from inside his company and tried to access our network using CISCO VPN. I sent him instructions how to use it but he gets a message that he is not authorized. I tried to VPN from my house using his account and worked like a charm. Do you think he needs to open a port over there where he is? Thanks!
Also make sure the subnet from which he is connecting is not the same a the office. For example if the your main office were to use 192.168.1.x the site from which he is connecting must use something else such as 192.168.2.x
Claudelu
Please ask the consultant for the EXACT ERROR Message he is getting. Preferrably and if possible, the Cisco VPN client allows for logging and you can turn on logging by going to Log -> Log settings and setting all values to High
Next, Log -> Log window and then try connecting.
If you paste the log in here, we can pretty much trace the exact cause of the problem and help you out
Please ask the consultant for the EXACT ERROR Message he is getting. Preferrably and if possible, the Cisco VPN client allows for logging and you can turn on logging by going to Log -> Log settings and setting all values to High
Next, Log -> Log window and then try connecting.
If you paste the log in here, we can pretty much trace the exact cause of the problem and help you out
ASKER
He told me he has the same problem when he tries to VPN from home, so it must be his laptop, I will ask him to get me the log
ASKER
Thanks for your help. This is the log when attempted from home.
Cisco Systems VPN Client Version 4.6.01.0019
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2
1 08:42:52.675 11/10/06 Sev=Info/4 CM/0x63100002
Begin connection process
2 08:42:52.855 11/10/06 Sev=Info/4 CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully
3 08:42:52.855 11/10/06 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet
4 08:42:52.855 11/10/06 Sev=Info/4 CM/0x63100024
Attempt connection with server "12.196.85.227"
5 08:42:53.866 11/10/06 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 12.196.85.227.
6 08:42:53.866 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd),
VID(Nat-T), VID(Frag), VID(Unity)) to 12.196.85.227
7 08:42:53.876 11/10/06 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
8 08:42:53.876 11/10/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
9 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
10 08:42:53.937 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity),
VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from
12.196.85.227
11 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
12 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
13 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000001
Peer supports DPD
14 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
15 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
16 08:42:53.937 11/10/06 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
17 08:42:53.937 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT ACT, NAT-D,
NAT-D, VID(?), VID(Unity)) to 12.196.85.227
18 08:42:53.937 11/10/06 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
19 08:42:53.937 11/10/06 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x1194, Remote Port = 0x1194
20 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
21 08:42:53.937 11/10/06 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated
IKE SA in the system
22 08:42:53.977 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
23 08:42:53.977 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
24 08:42:53.977 11/10/06 Sev=Info/4 CM/0x63100015
Launch xAuth application
25 08:42:59.615 11/10/06 Sev=Info/4 CM/0x63100017
xAuth application returned
26 08:42:59.615 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
27 08:42:59.675 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
28 08:42:59.675 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
29 08:42:59.675 11/10/06 Sev=Info/4 CM/0x63100015
Launch xAuth application
30 08:43:02.609 11/10/06 Sev=Info/4 CM/0x63100017
xAuth application returned
31 08:43:02.609 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
32 08:43:02.679 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
33 08:43:02.679 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
34 08:43:02.679 11/10/06 Sev=Info/4 CM/0x63100015
Launch xAuth application
35 08:43:04.161 11/10/06 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
36 08:43:06.435 11/10/06 Sev=Info/4 CM/0x63100017
xAuth application returned
37 08:43:06.435 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
38 08:43:06.485 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
39 08:43:06.485 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
40 08:43:06.485 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
41 08:43:06.485 11/10/06 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=DF80CA197E11B81B
R_Cookie=9C69CF13D5FCFB03) reason = DEL_REASON_WE_FAILED_AUTH
42 08:43:06.485 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 12.196.85.227
43 08:43:06.525 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
44 08:43:06.525 11/10/06 Sev=Info/4 IKE/0x63000058
Received an ISAKMP message for a non-active SA,
I_Cookie=DF80CA197E11B81B R_Cookie=9C69CF13D5FCFB03
45 08:43:06.525 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(Dropped) from 12.196.85.227
46 08:43:07.166 11/10/06 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=DF80CA197E11B81B
R_Cookie=9C69CF13D5FCFB03) reason = DEL_REASON_WE_FAILED_AUTH
47 08:43:07.166 11/10/06 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "12.196.85.227" because of
"DEL_REASON_WE_FAILED_AUTH "
48 08:43:07.166 11/10/06 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
49 08:43:07.186 11/10/06 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
50 08:43:07.226 11/10/06 Sev=Info/4 IKE/0x63000086
Microsoft IPSec Policy Agent service started successfully
51 08:43:07.246 11/10/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
52 08:43:07.246 11/10/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
53 08:43:07.246 11/10/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
54 08:43:07.246 11/10/06 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
Cisco Systems VPN Client Version 4.6.01.0019
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2
1 08:42:52.675 11/10/06 Sev=Info/4 CM/0x63100002
Begin connection process
2 08:42:52.855 11/10/06 Sev=Info/4 CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully
3 08:42:52.855 11/10/06 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet
4 08:42:52.855 11/10/06 Sev=Info/4 CM/0x63100024
Attempt connection with server "12.196.85.227"
5 08:42:53.866 11/10/06 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 12.196.85.227.
6 08:42:53.866 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd),
VID(Nat-T), VID(Frag), VID(Unity)) to 12.196.85.227
7 08:42:53.876 11/10/06 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
8 08:42:53.876 11/10/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
9 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
10 08:42:53.937 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity),
VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from
12.196.85.227
11 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
12 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
13 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000001
Peer supports DPD
14 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
15 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
16 08:42:53.937 11/10/06 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
17 08:42:53.937 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
NAT-D, VID(?), VID(Unity)) to 12.196.85.227
18 08:42:53.937 11/10/06 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
19 08:42:53.937 11/10/06 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x1194, Remote Port = 0x1194
20 08:42:53.937 11/10/06 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
21 08:42:53.937 11/10/06 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated
IKE SA in the system
22 08:42:53.977 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
23 08:42:53.977 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
24 08:42:53.977 11/10/06 Sev=Info/4 CM/0x63100015
Launch xAuth application
25 08:42:59.615 11/10/06 Sev=Info/4 CM/0x63100017
xAuth application returned
26 08:42:59.615 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
27 08:42:59.675 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
28 08:42:59.675 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
29 08:42:59.675 11/10/06 Sev=Info/4 CM/0x63100015
Launch xAuth application
30 08:43:02.609 11/10/06 Sev=Info/4 CM/0x63100017
xAuth application returned
31 08:43:02.609 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
32 08:43:02.679 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
33 08:43:02.679 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
34 08:43:02.679 11/10/06 Sev=Info/4 CM/0x63100015
Launch xAuth application
35 08:43:04.161 11/10/06 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
36 08:43:06.435 11/10/06 Sev=Info/4 CM/0x63100017
xAuth application returned
37 08:43:06.435 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
38 08:43:06.485 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
39 08:43:06.485 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
40 08:43:06.485 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
41 08:43:06.485 11/10/06 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=DF80CA197E11B81B
R_Cookie=9C69CF13D5FCFB03)
42 08:43:06.485 11/10/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 12.196.85.227
43 08:43:06.525 11/10/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 12.196.85.227
44 08:43:06.525 11/10/06 Sev=Info/4 IKE/0x63000058
Received an ISAKMP message for a non-active SA,
I_Cookie=DF80CA197E11B81B R_Cookie=9C69CF13D5FCFB03
45 08:43:06.525 11/10/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(Dropped) from 12.196.85.227
46 08:43:07.166 11/10/06 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=DF80CA197E11B81B
R_Cookie=9C69CF13D5FCFB03)
47 08:43:07.166 11/10/06 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "12.196.85.227" because of
"DEL_REASON_WE_FAILED_AUTH
48 08:43:07.166 11/10/06 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
49 08:43:07.186 11/10/06 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
50 08:43:07.226 11/10/06 Sev=Info/4 IKE/0x63000086
Microsoft IPSec Policy Agent service started successfully
51 08:43:07.246 11/10/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
52 08:43:07.246 11/10/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
53 08:43:07.246 11/10/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
54 08:43:07.246 11/10/06 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I sent him my file and he wrote it over and tried again, but he still did not succed, here is the log
> 58 15:53:41.391 11/13/06 Sev=Info/4 CM/0x63100002
> Begin connection process
>
> 59 15:53:41.411 11/13/06 Sev=Info/4 CVPND/0xE3400001
> Microsoft IPSec Policy Agent service stopped successfully
>
> 60 15:53:41.411 11/13/06 Sev=Info/4 CM/0x63100004
> Establish secure connection using Ethernet
>
> 61 15:53:41.411 11/13/06 Sev=Info/4 CM/0x63100024
> Attempt connection with server "12.196.85.227"
>
> 62 15:53:42.413 11/13/06 Sev=Info/6 IKE/0x6300003B
> Attempting to establish a connection with 12.196.85.227.
>
> 63 15:53:42.423 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 12.196.85.227
>
> 64 15:53:42.423 11/13/06 Sev=Info/4 IPSEC/0x63700008
> IPSec driver successfully started
>
> 65 15:53:42.423 11/13/06 Sev=Info/4 IPSEC/0x63700014
> Deleted all keys
>
> 66 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 67 15:53:42.543 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from 12.196.85.227
>
> 68 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x63000001
> Peer is a Cisco-Unity compliant peer
>
> 69 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x63000001
> Peer supports XAUTH
>
> 70 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x63000001
> Peer supports DPD
>
> 71 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x63000001
> Peer supports NAT-T
>
> 72 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x63000001
> Peer supports IKE fragmentation payloads
>
> 73 15:53:42.553 11/13/06 Sev=Info/6 IKE/0x63000001
> IOS Vendor ID Contruction successful
>
> 74 15:53:42.553 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT ACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 12.196.85.227
>
> 75 15:53:42.553 11/13/06 Sev=Info/6 IKE/0x63000055
> Sent a keepalive on the IPSec SA
>
> 76 15:53:42.553 11/13/06 Sev=Info/4 IKE/0x63000083
> IKE Port in use - Local Port = 0x1194, Remote Port = 0x1194
>
> 77 15:53:42.553 11/13/06 Sev=Info/5 IKE/0x63000072
> Automatic NAT Detection Status:
> Remote end is NOT behind a NAT device
> This end IS behind a NAT device
>
> 78 15:53:42.553 11/13/06 Sev=Info/4 CM/0x6310000E
> Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
>
> 79 15:53:42.673 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 80 15:53:42.673 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
>
> 81 15:53:42.673 11/13/06 Sev=Info/4 CM/0x63100015
> Launch xAuth application
>
> 82 15:53:45.447 11/13/06 Sev=Info/4 CM/0x63100017
> xAuth application returned
>
> 83 15:53:45.447 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
>
> 84 15:53:45.537 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 85 15:53:45.537 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
>
> 86 15:53:45.537 11/13/06 Sev=Info/4 CM/0x63100015
> Launch xAuth application
>
> 87 15:53:49.052 11/13/06 Sev=Info/4 CM/0x63100017
> xAuth application returned
>
> 88 15:53:49.052 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
>
> 89 15:53:49.232 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 90 15:53:49.232 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
>
> 91 15:53:49.232 11/13/06 Sev=Info/4 CM/0x63100015
> Launch xAuth application
>
> 92 15:53:51.155 11/13/06 Sev=Info/4 CM/0x63100017
> xAuth application returned
>
> 93 15:53:51.155 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
>
> 94 15:53:51.255 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 95 15:53:51.255 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
>
> 96 15:53:51.255 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
>
> 97 15:53:51.255 11/13/06 Sev=Info/4 IKE/0x63000017
> Marking IKE SA for deletion (I_Cookie=5E17E83694C477B9 R_Cookie=E0C170E057FDCA36) reason = DEL_REASON_WE_FAILED_AUTH
>
> 98 15:53:51.255 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 12.196.85.227
>
> 99 15:53:51.365 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 100 15:53:51.365 11/13/06 Sev=Info/4 IKE/0x63000058
> Received an ISAKMP message for a non-active SA, I_Cookie=5E17E83694C477B9 R_Cookie=E0C170E057FDCA36
>
> 101 15:53:51.365 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK INFO *(Dropped) from 12.196.85.227
>
> 102 15:53:51.856 11/13/06 Sev=Info/4 IKE/0x6300004B
> Discarding IKE SA negotiation (I_Cookie=5E17E83694C477B9 R_Cookie=E0C170E057FDCA36) reason = DEL_REASON_WE_FAILED_AUTH
>
> 103 15:53:51.856 11/13/06 Sev=Info/4 CM/0x63100014
> Unable to establish Phase 1 SA with server "12.196.85.227" because of "DEL_REASON_WE_FAILED_AUTH "
>
> 104 15:53:51.856 11/13/06 Sev=Info/5 CM/0x63100025
> Initializing CVPNDrv
>
> 105 15:53:51.896 11/13/06 Sev=Info/4 IKE/0x63000001
> IKE received signal to terminate VPN connection
>
> 106 15:53:51.906 11/13/06 Sev=Info/4 IKE/0x63000086
> Microsoft IPSec Policy Agent service started successfully
>
> 107 15:53:51.906 11/13/06 Sev=Info/4 IPSEC/0x63700014
> Deleted all keys
>
> 108 15:53:51.916 11/13/06 Sev=Info/4 IPSEC/0x63700014
> Deleted all keys
>
> 109 15:53:51.916 11/13/06 Sev=Info/4 IPSEC/0x63700014
> Deleted all keys
>
> 110 15:53:51.916 11/13/06 Sev=Info/4 IPSEC/0x6370000A
> IPSec driver successfully stopped
> 58 15:53:41.391 11/13/06 Sev=Info/4 CM/0x63100002
> Begin connection process
>
> 59 15:53:41.411 11/13/06 Sev=Info/4 CVPND/0xE3400001
> Microsoft IPSec Policy Agent service stopped successfully
>
> 60 15:53:41.411 11/13/06 Sev=Info/4 CM/0x63100004
> Establish secure connection using Ethernet
>
> 61 15:53:41.411 11/13/06 Sev=Info/4 CM/0x63100024
> Attempt connection with server "12.196.85.227"
>
> 62 15:53:42.413 11/13/06 Sev=Info/6 IKE/0x6300003B
> Attempting to establish a connection with 12.196.85.227.
>
> 63 15:53:42.423 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 12.196.85.227
>
> 64 15:53:42.423 11/13/06 Sev=Info/4 IPSEC/0x63700008
> IPSec driver successfully started
>
> 65 15:53:42.423 11/13/06 Sev=Info/4 IPSEC/0x63700014
> Deleted all keys
>
> 66 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 67 15:53:42.543 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from 12.196.85.227
>
> 68 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x63000001
> Peer is a Cisco-Unity compliant peer
>
> 69 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x63000001
> Peer supports XAUTH
>
> 70 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x63000001
> Peer supports DPD
>
> 71 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x63000001
> Peer supports NAT-T
>
> 72 15:53:42.543 11/13/06 Sev=Info/5 IKE/0x63000001
> Peer supports IKE fragmentation payloads
>
> 73 15:53:42.553 11/13/06 Sev=Info/6 IKE/0x63000001
> IOS Vendor ID Contruction successful
>
> 74 15:53:42.553 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
>
> 75 15:53:42.553 11/13/06 Sev=Info/6 IKE/0x63000055
> Sent a keepalive on the IPSec SA
>
> 76 15:53:42.553 11/13/06 Sev=Info/4 IKE/0x63000083
> IKE Port in use - Local Port = 0x1194, Remote Port = 0x1194
>
> 77 15:53:42.553 11/13/06 Sev=Info/5 IKE/0x63000072
> Automatic NAT Detection Status:
> Remote end is NOT behind a NAT device
> This end IS behind a NAT device
>
> 78 15:53:42.553 11/13/06 Sev=Info/4 CM/0x6310000E
> Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
>
> 79 15:53:42.673 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 80 15:53:42.673 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
>
> 81 15:53:42.673 11/13/06 Sev=Info/4 CM/0x63100015
> Launch xAuth application
>
> 82 15:53:45.447 11/13/06 Sev=Info/4 CM/0x63100017
> xAuth application returned
>
> 83 15:53:45.447 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
>
> 84 15:53:45.537 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 85 15:53:45.537 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
>
> 86 15:53:45.537 11/13/06 Sev=Info/4 CM/0x63100015
> Launch xAuth application
>
> 87 15:53:49.052 11/13/06 Sev=Info/4 CM/0x63100017
> xAuth application returned
>
> 88 15:53:49.052 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
>
> 89 15:53:49.232 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 90 15:53:49.232 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
>
> 91 15:53:49.232 11/13/06 Sev=Info/4 CM/0x63100015
> Launch xAuth application
>
> 92 15:53:51.155 11/13/06 Sev=Info/4 CM/0x63100017
> xAuth application returned
>
> 93 15:53:51.155 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
>
> 94 15:53:51.255 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 95 15:53:51.255 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 12.196.85.227
>
> 96 15:53:51.255 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 12.196.85.227
>
> 97 15:53:51.255 11/13/06 Sev=Info/4 IKE/0x63000017
> Marking IKE SA for deletion (I_Cookie=5E17E83694C477B9
>
> 98 15:53:51.255 11/13/06 Sev=Info/4 IKE/0x63000013
> SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 12.196.85.227
>
> 99 15:53:51.365 11/13/06 Sev=Info/5 IKE/0x6300002F
> Received ISAKMP packet: peer = 12.196.85.227
>
> 100 15:53:51.365 11/13/06 Sev=Info/4 IKE/0x63000058
> Received an ISAKMP message for a non-active SA, I_Cookie=5E17E83694C477B9 R_Cookie=E0C170E057FDCA36
>
> 101 15:53:51.365 11/13/06 Sev=Info/4 IKE/0x63000014
> RECEIVING <<< ISAKMP OAK INFO *(Dropped) from 12.196.85.227
>
> 102 15:53:51.856 11/13/06 Sev=Info/4 IKE/0x6300004B
> Discarding IKE SA negotiation (I_Cookie=5E17E83694C477B9
>
> 103 15:53:51.856 11/13/06 Sev=Info/4 CM/0x63100014
> Unable to establish Phase 1 SA with server "12.196.85.227" because of "DEL_REASON_WE_FAILED_AUTH
>
> 104 15:53:51.856 11/13/06 Sev=Info/5 CM/0x63100025
> Initializing CVPNDrv
>
> 105 15:53:51.896 11/13/06 Sev=Info/4 IKE/0x63000001
> IKE received signal to terminate VPN connection
>
> 106 15:53:51.906 11/13/06 Sev=Info/4 IKE/0x63000086
> Microsoft IPSec Policy Agent service started successfully
>
> 107 15:53:51.906 11/13/06 Sev=Info/4 IPSEC/0x63700014
> Deleted all keys
>
> 108 15:53:51.916 11/13/06 Sev=Info/4 IPSEC/0x63700014
> Deleted all keys
>
> 109 15:53:51.916 11/13/06 Sev=Info/4 IPSEC/0x63700014
> Deleted all keys
>
> 110 15:53:51.916 11/13/06 Sev=Info/4 IPSEC/0x6370000A
> IPSec driver successfully stopped
What's on the corporate side? A VPN concentrator? What's the code running on it?
ASKER
I checked my connections and I have a Local Area Connector for a CISCO VPN Adapter, which was created when I installed the software. He does not have that connection, I told him to reinstall the software, see if that helps.
Get him to install the latest version. I believe it's 4.8
Also, what are the answers to my questions?
Thx
Thx
ASKER
We have a CISCO firewall and we manage the users through Cisco ASDM 5.2 for ASA. The version of the software I sent him is 4.8
Did that work out for your consultant? If not, to proceed I'll need to see the logs from the ASDM. Go into the logging section and send me the ISAKMP & IPSEC logs for the duration when the consultant tries to connect
I have a new question related to this...
I have a workstation that will connect to our network via VPN. I need to know once we allow access via our PIX firewall, what port to open so that this user can access a server file share. I have one directory on this server that the user needs to read write to. That's it. He's asking me what port he needs to open. HELP! Thanks.
I have a workstation that will connect to our network via VPN. I need to know once we allow access via our PIX firewall, what port to open so that this user can access a server file share. I have one directory on this server that the user needs to read write to. That's it. He's asking me what port he needs to open. HELP! Thanks.
Cheers,
Rajesh